managed-settings.json: deny Read(**) does not block reads outside allowed paths

Resolved 💬 4 comments Opened Feb 24, 2026 by kantegamartin Closed Mar 25, 2026

Bug Report

### Environment

  • Claude Code CLI
  • managed-settings.json in /etc/claude-code/
  • Linux (Ubuntu)

### Configuration

``json
{
"permissions": {
"allow": [
"Read(~/myfiles/**)",
"Edit(~/myfiles/**)",
"Write(~/myfiles/**)",
"Read(~/.claude/**)",
"Edit(~/.claude/**)",
"Write(~/.claude/**)",
"Bash(git *)",
"Bash(npm *)",
"Bash(mvn *)"
],
"deny": [
"Read(**)",
"Edit(**)",
"Write(**)",
"Bash"
]
},
"allowManagedPermissionRulesOnly": true
}
``

Bug: deny Read(**) does not block reads outside allowed paths

Expected: Reading files outside the allowed paths (e.g. /etc/xattr.conf) should be denied by the Read(**) deny rule.

Actual: Arbitrary files can be read freely. For example, /etc/xattr.conf and /etc/claude-code/managed-settings.json were both readable despite no allow rule covering /etc/.

Impact

The deny rule Read(**) is ineffective — files that should be denied are allowed. This undermines the security posture of managed-settings.json, since an administrator cannot restrict reads to only the allowed paths.

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗